using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace IdentityServer4Center
{
    public class Config
    {
        public static IEnumerable<IdentityResource> GetIdentityResources() => new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email()
        };

        public static IEnumerable<ApiScope> GetApiScopes()
        {
            return new List<ApiScope>
            {
                new ApiScope("scope1"),
            };
        }

        // 新版本4.1.2 -- AddInMemoryApiScopes配置scope，老版本此处默认将api1作为scope了
        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>()
            {
                new ApiResource("api1","第一个api接口")
                {
                    Scopes = {"scope1"}
                }
            };
        }

        // client_id
        // client_secret
        // grant_type = client_credentials
        public static IEnumerable<Client> GetClients_Client()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets =
                    {
                        new Secret("2691894".Sha256())
                    },
                    AllowedScopes = new List<string>
                    {
                        "scope1",
                    }
                }
            };
        }

        // client_id
        // client_secret
        // grant_type = password
        // UserName
        // Password
        public static IEnumerable<Client> GetClients_Password()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "client",
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets =
                    {
                        new Secret("2691894".Sha256())
                    },
                    AllowedScopes = { "scope1" }
                }
            };
        }
        public static List<TestUser> GetTestUsers() => new List<TestUser>
        {
            new TestUser()
            {
                SubjectId = "1",
                Username = "test",
                Password = "123456",
                Claims = new List<Claim> {
                    new Claim(JwtClaimTypes.Email, "test@163.com")
                },
                IsActive = true
            }
        };

        // 这个模式通过OpenID Connect协议向我们的IdentityServer添加了对用户认证交互的支持，
        // OpenID Connect的协议已经内置在IdentityServer中，这个模式要提供UI用于认证交互
        public static IEnumerable<Client> Clients_implicit =>
            new Client[]
            {
                new Client
                {
                    ClientId = "mvc_implicit",
                    ClientName = "MVC Client",
                    // 简化模式
                    AllowedGrantTypes = GrantTypes.Implicit,
                    // 需要授权页面
                    RequireConsent = false,
                    // 客户端oidc地址，用于处理登陆成功后处理授权服务返回的token或授权码，同时保存配置
                    RedirectUris = { "http://localhost:6002/signin-oidc" },
                    // 客户端oidc地址，退出登录后跳转到授权服务，将授权服务也退出登陆
                    PostLogoutRedirectUris = { "http://localhost:6002/signout-callback-oidc" },
                    AllowedCorsOrigins =     { "http://localhost:6002" },
                    // 授权后可以访问的用户信息（OpenId Connect Scope）与Api
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        "scope1"
                    },
                    // 允许返回Access Token
                    AllowAccessTokensViaBrowser = true
                }
            };  
    }
}